Redhat Enterprise Linux vulnerabilities

CVE-2020-27842 [MEDIUM] CWE-125 CVE-2020-27842: There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provi There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability.

CVE-2020-35507 [MEDIUM] CWE-476 CVE-2020-35507: There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 wh There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.

CVE-2020-27846 [CRITICAL] CWE-115 CVE-2020-27846: A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypas A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVE-2020-25712 [HIGH] CWE-122 CVE-2020-25712: A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may l A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2020-27777 [MEDIUM] CWE-862 CVE-2020-27777: A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.

CVE-2020-27786 [HIGH] CWE-416 CVE-2020-27786: A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local accoun A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege e

CVE-2020-27825 [MEDIUM] CWE-362 CVE-2020-27825: A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). The A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat.

CVE-2020-25692 [HIGH] CWE-476 CVE-2020-25692: A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a r A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service.

CVE-2020-29573 [HIGH] CWE-787 CVE-2020-29573: sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a s sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect

CVE-2020-27771 [LOW] CWE-190 CVE-2020-27771: In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefined behavior could be triggered when ImageMagick processes a crafted pdf fi

CVE-2020-27775 [LOW] CWE-190 CVE-2020-27775: A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undef

CVE-2020-27773 [LOW] CWE-369 CVE-2020-27773: A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other

CVE-2020-27774 [LOW] CWE-190 CVE-2020-27774: A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file th A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefi

CVE-2020-27772 [LOW] CWE-190 CVE-2020-27772: A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is proc A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined be

CVE-2020-27765 [LOW] CWE-369 CVE-2020-27765: A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw

CVE-2020-27776 [LOW] CWE-190 CVE-2020-27776: A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file th A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability, but could potentially cause other problems related to und

CVE-2020-27767 [LOW] CWE-190 CVE-2020-27767: A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems r

CVE-2020-27778 [HIGH] CWE-824 CVE-2020-27778: A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.

CVE-2020-14339 [HIGH] CWE-772 CVE-2020-14339: A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QE A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing seriou

CVE-2020-14351 [HIGH] CWE-416 CVE-2020-14351: A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem a A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.